What is Freedom of Information?

The Freedom of Information (Scotland) Act 2002 (FoISA) came into full force on 1 January 2005. FoISA aims to increase openness and accountability in government and across the public sector by ensuring that people have the right to access information held by Scottish public authorities. People will be able to see and question how such bodies function and how decisions are made. 

There are three main strands to the Act:

1. Publication Scheme

FoISA requires public authorities, including QMU, to maintain a publication scheme that sets out the types of information we routinely make available. The scheme also provides details of how you can access this information, and whether it is available free or if there is a charge.

2. Individual Requests

FoISA permits the public to request any information held by Scottish public authorities, including QMU. The request does not need to mention FoISA.

3. Records Management

Public authorities are required to implement records management policies to ensure effective management of what information they have, where it is kept and how long they keep it. Effective records management is central to FoISA requests. 
 

Who does it apply to?

FoISA applies to practically all public bodies in Scotland, including local authorities, the NHS, Colleges and Universities, the police, the Scottish Parliament and the Scottish Government. FoISA also applies to companies wholly owned by a public authority and, if designated, it may even apply to private companies carrying out a function for a public authority, for example under a contract. A full list of the organisations affected is set out in the Act and further bodies can be added by the Scottish Ministers. FoISA applies to Queen Margaret University because it falls within the category of higher education institutions and is therefore a public authority for the purposes of FoISA.

What does Freedom of Information mean for QMU?

The University has been required to develop a publication scheme so that the public can see what sort of information it holds. Where information is not proactively made available through this scheme, QMU will have to respond to specific requests for information. FoISA allows anyone (individual or organisation), anywhere to ask for information from a Scottish public authority. It does not matter how old the information is or why it was created, if the authority holds the information then it will have to give access to it, provided that an exemption does not apply.

How does FoISA fit with other legislation?

The Environmental Information (Scotland) Regulations came into effect on 1 January 2005. Every Scottish public authority now has a duty to make available environmental information on request. Although the intention of both pieces of legislation is to allow the public access to information, there are some differences between the two that are highlighted on the Office of the Scottish Information Commissioner's (OSIC)

The Data Protection Act 2018 sets out the data protection framework in the UK, alongside the UK GDPR, and came into effect on 25 May 2018. It was amended on 01 January 2021 by regulations under the European Union (Withdrawal) Act 2018, to reflect the UK’s status outside the EU.

The Data Protection Act 2018  aims to secure individuals' rights to privacy by protecting information that is held about them. Any authority that handles personal data must comply with the data protection principles which control how such data is processed. These principles include, amongst others, that personal data should be fairly and lawfully processed.

Further information on FoISA and the Data Protection Act is available on these webpages.

What happens if QMU does not provide information?

FoISA is enforced by the Scottish Information Commissioner. The Commissioner has a wide variety of powers under FoISA to ensure compliance, and QMU could be found in contempt of court if it fails to comply with a notice issued by the Commissioner.

The Commissioner is a fully independent public official, and has duties and legal powers to ensure that the public get the information from Scottish public authorities to which they are entitled. The Commissioner has a number of responsibilities which include dealing with complaints, promoting good practice to authorities, informing the public about FoISA and enforcing it.

Complaints concerning requests can only be made to the Information Commissioner once an applicant has exhausted the authority’s review procedure. If an applicant is dissatisfied with the response from the authority, they can take their complaint to the Scottish Information Commissioner. If the Commissioner decides to proceed, they will request comments from the authority before deciding if the complaint is valid. The Commissioner will notify both the applicant and the authority of their decision.

Enforcement

The Scottish Information Commissioner has a duty under FoISA to promote good practice amongst public authorities, and further information on their approach to enforcement can be viewed was part of their Strategic Plan and Enforcement Policy.

Freedom of Information and Data Protection

The Data Protection Act 2018 aims to secure individuals' rights to privacy by protecting information that is held about them. Any authority that handles personal data must comply with the data protection principles which control how such data is processed. These principles include, amongst others, that personal data should be fairly and lawfully processed.

Individuals have the right to ask for personal data held about them. This is known as a subject access request. Under Freedom of Information legislation, a request by an individual for information about themselves will be exempt under freedom of information but will continue to be handled under the provisions of the Data Protection Act.

If someone makes a request for information about another living individual, this will be handled under the Freedom of Information (Scotland) Act, but certain data protection considerations will still apply, for example the authority will not have to provide the information if the disclosure would breach the data protection principles. If the authority decides that it may wish to disclose the information, then it should usually notify the individual and take account of their wishes, although, the authority does not have to be bound by the views of the individual.

FOI Requests and Data Protection

Show Contacts

FOI Requests and Data Protection

Irene Hynd University Secretary 0131 474 0000